How to configure SSH authorized key?
-
Okay, so I am supposed to use the OpenSSH exported key on putty. However, the key generated by OpenSSH doesn't have the prefix .ppk so, I used it without the .ppk and used it with a .ppk extension which I give and it was no work again. Error message:
Unable to use key file "C:\Users\owner\Desktop\openssh_privatekey" (OpenSSH SSH-2 private key)
I am getting anxious now. Here is all the files I created. Can someone please test this.
Efonne,
IMPORTANT: None of my files include the "Public key for pasting into OpenSSH authorized_keys file:" which you mentioned in your post. Do you use PuttyGen to generate key files?ANYTHING YOU SEE BELOW ENCAPSULATED IN CODE AND SHOWS AS CODE WAS EXACTLY COPIED AND PASTED AND NO HEADERS WERE REMOVED WHILE USED ON PFSENSE OR THE PUTTY CLIENT.
PassPhrase:
dklsfjs87234ksdfkhERewrkjewh@#$3kjsdfjusdjPrivate Key by PuttyGen (This was also used on PuttyClient on another attempt to see if it works and failed):
PuTTY-User-Key-File-2: ssh-rsa Encryption: aes256-cbc Comment: rsa-key-20100730 Public-Lines: 4 AAAAB3NzaC1yc2EAAAABJQAAAIEAwKVyCw7h2WIiOiTh+6Msu2s15WNxQoY7hPco z0rZCgiAkaKYE8hMpXxJ2vc9kVSSqp6SK9NwoLTJi3/ciRbbAPcNCq+sfOPyLtkd kBUSx1SZR5PdYpmA+shG25ezwO3nikcglWNiiSEcw9z5QSJ7rHYLiMVVEhJ9fi2/ 1cL5QD8= Private-Lines: 8 tDxVbyl3KIMuJ8Ap05W/ypJe+lWmL+nzAmAilLXq1B6FS/91jPweJbtlfkimALV/ lTiN+nSynC+IgJpx05BjP4p4GdaxqfFjB5aTm1DPR5CSV5b75UC0j9A0ijeBYZ8D fN/89cGFJwbi53LSyjovd5VC09eAWqlnRKGuJ7p+dFtYbo6gQ/04BBo3vEMR3nrc jswq+GvUhEZRZs8qHPOg0bCMGg2ZSv2k2fSzoYeSfEOHpG0yih4jscnsTWlZwjDj 5oTyMDzM0OPeG3tl/BoivQu9pHQegDt72aw/QLzjnVYuXT0Q2ttwAmluRbZjcdjq svJtwtLX74bpTAZMCb9sMUC/VEyf2uaQI9EIZKlJZphq+pR7YgGMmvDfj2vSHan/ PT9mDe7iNt/lxILIVChcrWBO63blN5b25D5ILxdZLokQKGY5VYRajGJSuPLViL73 ur8/Kg7PPFy/jAmmcQLxLw== Private-MAC: 055545f59a6889192e7309575a55388ac7b4b981Public Key by PuttyGen (Was put into pfsense System > Advanced > Auth Keys):
---- BEGIN SSH2 PUBLIC KEY ---- Comment: "rsa-key-20100730" AAAAB3NzaC1yc2EAAAABJQAAAIEAwKVyCw7h2WIiOiTh+6Msu2s15WNxQoY7hPco z0rZCgiAkaKYE8hMpXxJ2vc9kVSSqp6SK9NwoLTJi3/ciRbbAPcNCq+sfOPyLtkd kBUSx1SZR5PdYpmA+shG25ezwO3nikcglWNiiSEcw9z5QSJ7rHYLiMVVEhJ9fi2/ 1cL5QD8= ---- END SSH2 PUBLIC KEY ----OpenSSH key Exported from PuttyGen (not sure if this is a private key like Efonne noted or public key as it has no extension but inside says private key) - (This was used on Putty client to connect to pfsense and failed):
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,15731C21C3F1B673 0tRZlz81Oz048sJb7LKOR18piKnT4klb2jfvgEACTHmYrm3C8VCwTDJNw/2XBrL1 IHfG5ZhYrKLLAL/jKOoNO7oTMdTDhs/7qL+iRc3UCHCVp1WJe24HC3vUcHrrzrBf uS0flEAVqW86prgmmcnKx4k2QD7csRZlKQrCAYud3Fdrnx8feA80cV7zVcHFSO60 oVA5Ch1MwE4wK6AAUkrYEbbI9HZmJIS2QXiZbXSeV5Ey+S/sJUnHrwGe5FgZFlTm +rpUYDpygFzFn5+KyLkKWI4PFEmM9AuuNY+2o8MnNUJ+dx8/fZHf04y//qMVA5ST txAbAJwXm1h8A4Kmsu3XerSONvr9wMrNrqq3Q4Q8WwVldCIDX65qG18SI4AcxXQc YAWAVWIyfQqc4RVbKZsQZt4RN5YzAW8Z8eEU7It1NI0EjOd6VaCRGkOiC54xvZJe ZFCvmMtJGPs08ZdHckQl6DxYdMpY2WQNXskQHQSgdL3bxKfFxyfF3ZlgHFLJG/ca DDQzwhP0G0lFNCDSj/x235s6VLRTVec3y/UP0IGpe49kqWri+gQUESqLIbXXwNyU JYNcG8BcIxlGlQw3jFnbN3g84dP2ETCeY6dRdIwcEteE//BGYTCLpPQob0uSgHBU aT0RWoX0oeP6karwagslQ4YsOu6hZPBmFUhJoQCAKN/YQlVweaWu0UU5PFumG9Qj uManNko52OMbZkxRVQ2ju7D0VFZWQT49ZQhjgaszb+NNUHDPsCu7fvoVrsYwJY3X iSGSaKWuZfEgXIqMpDmOorBN0OTHadoD2H9d2sRhdE8= -----END RSA PRIVATE KEY-----Thanks
-
And now that you've completely compromised the security of that key, trash it and make a new one. :-)
-
Does that mean you tested it and it works for you :-) ???
I hope I haven't contributed to too much of the green house effects by making the key public and useless :-) After all, it's only few billion electrons displaced.
-
No, I didn't try it.
There's a bit of a misunderstanding about what you need to do, perhaps.
When you make the key, save it as blah.ppk. Don't worry about the OpenSSH export, only the "public key for pasing" box. Copy the contents of that box into pfSense's field for authorized keys.
Make sure the key gets saved.Fire up pageant.
Double click the pageant icon in the taskbar
Click add key
find your blah.ppk
Load that up, enter the passphrase if you made oneThen connect with putty.
-
They say a picture is like 1000 words. Doing what you said disregarding the OpenSSH key export, I am getting a different error. Please check below link for the snap shot of my desktop.
https://docs.google.com/leaf?id=0B9R-hmALgNpVYzlmNzdkZmItY2IzNy00NzMyLThiZGEtNTI5MDI0NzU2OGNj&hl=en
Error:
No supported authentication method availableThanks
-
Take off the begin, end, and comment lines. If that doesn't work, load the key back up in puttygen, and make sure you have copied the box on the main screen that says right on top of it that it's the openssh public key.
Exporting the openssh key will export the whole key, not just the public part.
-
Perfect. Works amazingly now. Apparently the Public key saved is much different from what is in puttygen window (probably extraneous header and footer stuff).
All right,so to summarize and help others, here is how this should be done:
1- Open PuttyGen and Generate some randomness while PuttyGen creates a key for you.
2- Enter a long a$$ password with lots of characters, caps, small, and numbers phrase and save private key.
3- Do NOT SAVE public key. The whole point of this is to not have both keys on the same machine as security maybe compromised. Also, it's unnecessary to save public key.
4- Once key is generated, in the window on top (on PuttyGen) you will see you public key. Copy and paste that into pfsense System > Advance > Auth key and disable root login and press Save (don't forget SAVE).
5- Open Pageant (part of the Putty package) and add the private key. It will ask for your pass-phrase so enter it to add the key.
6- Open a putty session to your server IP and type root and it MUST login.
7- Enjoy the security and safeguard your key away from your pass-phrase.-Bruce
-
Sounds good except forโฆ
3- Do NOT SAVE public key. The whole point of this is to not have both keys on the same machine as security maybe compromised. Also, it's unnecessary to save public key.
You want to save the public key. It doesn't harm security, it's the "public" part. You can even put that up somewhere for others to grab so they can add it to their servers and let you in with ssh keys.
Besides, if you ever need to login to a second box with the same key, you'll need that again. :-)
-
Not trying to be rude but if you don't understand why the public key does not have to be protected or kept separate from the private key (WHICH IT SELF HAS TO BE KEPT SECRET) then please don't write instructions for others. Figure out first how things really work, please.
-
Good to know all that about Public key. Thanks again guys.
-
Besides, puttygen can generate the public key if you give it the private key.
By the way, I was saying all along that you want to paste the key from that box into your pfSense configuration. ย I've used this before, so I know the steps that are involved. ;)
-
Yes, you were right. But I was seeing it as the Public key as I was confused by other posts and specially the openSSH one.
Thanks
-
The key in the box is the public key in the form that OpenSSH uses on the server end and the export OpenSSH key saves the private key needed for using OpenSSH as the client.
